26 matches found
EUVD-2025-205494
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this...
EUVD-2022-5833
Malicious code in bioql PyPI...
CVE-2025-59948 FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to ...
CVE-2025-59948
FreshRSS versions 1.26.3 and earlier are vulnerable to XSS due to unsanitized event handler attributes in feed content. The attack requires that the instance has API access authentication enabled and uses the /api/query.php endpoint; successful exploitation can lead to account takeover and, if th...
CVE-2023-39678
A cross-site scripting (XSS) vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...
CVE-2022-39996
Cross-site scripting vulnerability in Teldats Router RS123, RS123w allows an attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page...
Teldat RS123 and Teldat RS123w Security Vulnerability
Teldat RS123 and Teldat RS123w are both routers from Teldat. A security vulnerability exists in Teldat RS123 and Teldat RS123w, which stems from a cross-site scripting vulnerability in the cmdcookie parameter of the upgrade/query.php page...
PT-2024-11620 · Teldats · Teldats Router
Name of the Vulnerable Software and Affected Versions: Teldats Router versions RS123, RS123w Description: The issue allows an attacker to execute arbitrary code via the cmdcookie parameter to the "upgrade/query.php" page. This enables the attacker to perform Cross Site Scripting attacks...
Cross site scripting
A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...
CVE-2023-39678
The CVE-2023-39678 entry describes an XSS flaw in the web interface (Log Query page) of the BDCOM OLT P3310D-2AC, firmware 10.1.0F Build 69083. Vulnerable component: the Log Query username parameter; root cause is reflected/stored XSS allowing arbitrary web script/HTML execution. Impact explicitl...
PT-2023-27069 · Bdcom · Bdcom Olt P3310D-2Ac
Name of the Vulnerable Software and Affected Versions: BDCOM OLT P3310D-2AC version 10.1.0F Build 69083 Description: A cross-site scripting XSS vulnerability in the device web interface, specifically the Log Query page, allows attackers to execute arbitrary web scripts or HTML via a crafted paylo...
CVE-2023-29154
SQL injection vulnerability exists in the CONPROSYS HMI System CHS versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page...
PT-2023-22173 · Unknown · Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions prior to 3.5.3 Description: A SQL injection issue exists, allowing a user with administrative privileges to execute arbitrary SQL commands by providing specially crafted input to the query setting page...
CVE-2021-32664
CVE-2021-32664 (Combodo iTop) is an XSS vulnerability on the run query page when authenticated as administrator. The primary description notes affected versions and fixes: it was resolved in iTop versions 2.6.5 and 2.7.5. Connected sources corroborate iTop-specific issues and mitigations across m...